CVE-2019-10241: Cross-Site Scripting

April 22, 2019 (updated July 23, 2019)

Eclipse Jetty server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

References

bugs.eclipse.org/bugs/show_bug.cgi?id=546121
nvd.nist.gov/vuln/detail/CVE-2019-10241

Detect and mitigate CVE-2019-10241 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →